Privacy Policy

OrderWork’s Privacy Policy

Orderwork Limited treats all information processing seriously. We have a continuous awareness that some of the data that we process is personal data, we need to ensure our processes treat personal information with respect and protect it from misuse. We take the processing of personal data very seriously.

We process data only for our core business purpose, we only process data for the original purpose that it was collected for. We do not keep lists of names for mail shots or cold calling, we will never pass on information to other parties for that purpose.

Here are the principles we operate to in respect of the personal data that we process;

Services to our end user customers

We process personal data about the individuals that we deliver services to. We only take the information that we need to be able to communicate with our customers about arrangements to plan the service, to deliver the service and then carry out any follow up work straight after the service which may include a satisfaction survey. For this we hold their name, address, phone number and email address. We do not request, record or process any other data, including Special data, about our customers.

If there is a credit card payment made in relation to the service, we pass card details directly to our payment service and do not record details of the card ourselves.

After the service is completed and invoiced we retain all the information about the service event to enable analysis of our services, for historical trending and planning for the future of our business.

If we use a supplier to deliver a service for us, customer details will be passed to them to enable the service. After the supplier completes their tasks they will not retain that information.

We never pass our customer data on to other parties after a service event is closed and we will not contact end user customers after all service events are closed.

All our customer data is held on our own servers, processed and hosted in the UK.

Services to our corporate partners and customers

We process personal data about the individuals that we deliver services to. We only take the information that we need to be able to communicate with our customers about arrangements to plan the service, to deliver the service and then carry out any follow up work straight after the service which may include a satisfaction survey. For this we hold their name, address, phone number and email address. We do not request, record or process any other data, including Special data, about our customers.

After the service is completed and invoiced we retain all the information about the service event to enable analysis of our services, for historical trending and planning for the future of our business.

If we use a supplier to deliver a service for us, customer details will be passed to them to enable the service. After the supplier completes their tasks they will not retain that information.

We never pass our customer data on to other parties after a service event is closed and we will not contact end user customers after all service events are closed.

All our customer data is held on our own servers, processed and hosted in the UK.

Our suppliers and service partners

We use suppliers and partners to deliver service for us. Our relationship with them is a contractual one, where they choose to work with us. We hold information about them to enable us to contact them in relation to delivery of services. If we stop trading with a supplier we continue to hold the information about them so that we can analyse our services, for historical trending and planning for the future of our business.

We pass personal information about our customers to our suppliers in relation to a service event to enable our suppliers to deliver service to our end users. In this case the supplier does not retain this information after the service event is completed and invoiced with us.

Our supplier information is held our own servers, processed and hosted in the UK.

Our relationship with our corporate customers

We provide services to many customers and have many customers within our sales pipeline, where we have engaged with them and wish to do business with them. For this purpose personal contact details are exchanged between peers (like project managers, sales teams and supplier managers) within our organisation and theirs. The personal information is names, phone numbers and email addresses; the phone and email address will normally be for a business location but some individuals choose to circulate personal contact details. The information is offered and exchanged in relation to maintaining a business relationship.

The information is never passed to other parties.

The information is recorded on the Microsoft Office365 and Salesforce systems.

Our recruitment and vetting of supplier’s staff

We process CVs for individuals where they apply for roles that we have advertised. This can be a direct applicant or, through one of our suppliers. CVs contain personal information and we treat this information with care.

As CV’s are always offered to us, we are assuming that the individuals are opting in to allowing us to process their data; they have offered their CV information to us by applying for our role or by advertising their CV on a job board web site.

We hold CVs within our Microsoft Office365 system where access is restricted to only the staff needing to access it.

As a vacancy is fulfilled, we ask unsuccessful applicants whether we can continue to hold their details, we do this for the purpose of finding them employment in the future.

Our own HR services and employee information

We process personal information, including Special information, about the people we employ and have employed. We need this information to be able to gain references, check entitlement to work and pay our team, all normal UK employment processes. We process information on paper and on our secure HR portal. Our paper files are under lock and key with our HR manager. Our HR Portal is secured for its purpose and the personal information is only available to our HR manager. Each employee can access their own data, where they can also use the Portal for booking holidays.

Our HR Portal is provided by a specialist HR systems provider and is hosted within the UK and Ireland.

Special category data

Within the GDPR regulations the term Special Category Data is defined (also called sensitive data) as this data needs more protection. The term is used in this policy and refers to more sensitive data like ethnic origin, biometric information or health matters. We only process data of this type within our HR system described above.

Disclosing Your Information

We will not disclose your personal information to any other party other than in accordance with this Privacy Policy and in the circumstances detailed below:

In the event that we sell any or all of our business to the buyer.

Where we are legally required by law to disclose your personal information.

To further fraud protection and reduce the risk of fraud.

Your rights under the GDPR;

Access to Information
In accordance with the GDPR, you have the right to access any information that we hold relating to you by making a subject access request.

All individuals who are the subject of personal data held by Orderwork are entitled to:

Ask what information the company holds about them and why.

Ask how to gain access to it.

Be informed how to keep it up to date.

Be informed how the company is meeting its data protection obligations.

Request for the data to be destroyed.

If an individual contacts the company requesting this information, this is called a subject access request. Subject access requests from individuals should be made by email, addressed to the data controller at data-controller@orderwork.co.uk

The data controller can supply a standard request form, although individuals do not have to use this. Individuals may be charged £10 per subject access request.

The data controller will aim to provide the relevant data within 14 days.

The data controller will always verify the identity of anyone making a subject access request before handing over any information.

Your rights under GDPR
In particular, but without limitation, you may have the following rights under applicable European data protection law:

Right of access:
You have the right to obtain confirmation from us as to whether or not we process personal data from you and you also have the right to at any time obtain access to your personal data stored by us. To exercise this right, you may at any time contact us.

Right to rectification of your personal data: If we process your personal data, we shall endeavour to ensure by implementing suitable measures that your personal data is accurate and up-to-date for the purposes for which we collected your personal data. If your personal data is inaccurate or incomplete, you have the right to obtain the rectification of such data. To exercise this right, you may at any time contact us.

Right to erasure of your personal data or right to restriction of processing: You may have the right to obtain the erasure of your personal data or the restriction of processing of your personal data. To exercise this right, you may at any time contact us.

Right to withdraw your consent: If you have given your consent to the processing of your personal data, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on the consent before the withdrawal. To exercise this right, you may at any time contact us.

Right to data portability: You may have the right to receive the personal data concerning you and which you have provided to us, in a structured, commonly used and machine-readable format or to transmit those data to another controller. To exercise this right, you may at any time contact us.

Right to object: You may have the right to object to the processing of your personal data as further specified in this Privacy Policy. Right to lodge a complaint with supervisory authority: You have the right to lodge a complaint with a data protection supervisory authority located in the European Union.